Access control lists lecture 1
Presentation Transcript

Access Control Lists Lecture 1

PJC CCNA Semester 2 Ver. 3.0

by William Kelly


ACL Definition

An ACL is a sequential group of permit and/or deny statements that control the flow of particular protocols or protocol suites in or out of an interface to a specific host or group of hosts.


ACL Concepts

  • Applied to a router's interface, in one direction (in or out)

  • Each packet is either forwarded or blocked

  • Each protocol must have its own ACL defined (you are only allowed one ACL per protocol, per interface, per direction)


Why Use ACLs?

  • Controlling traffic can increase network performance

  • Distribution of routing updates can be controlled

  • Security can be added at the network boundary

  • Specific types of traffic can be permitted or blocked

  • An administrator controls what areas a client can access

  • Screen certain hosts to either allow or deny access to part of a network


Calculate number of ACLs

  • 2 ports, each port running IP, IPX: 2 ports × 2 protocols × 2 directions = 8 ACLs

  • 2 ports, each port running IP, IPX, AppleTalk: 2 ports × 3 protocols × 2 directions = 12 ACLs

    (Remember you need an ACL for each protocol in each direction on each port)


How ACLs Work

  • Packets enter the interface

  • If an inbound ACL is applied to that interface, the packet is tested against it before any routing decision; a denied packet is dropped right there

  • If the packet is routable then it is routed toward the outbound interface

  • If there is no access list on the outbound interface then the packet proceeds out of it

  • If there is an outbound ACL then the packet is tested against the ACL statements in sequence: the first statement that matches decides, and a packet that matches no statement is dropped by the implicit deny any at the end of every ACL



How does a Router Process an ACL?

  • Does the Layer 2 address match? (A frame whose destination MAC is not the interface's own address is discarded before any ACL is consulted)

  • Is there an inbound ACL? (If so, the packet is tested against it before routing; a deny drops the packet)

  • Is there an outbound ACL? (If so, the packet is tested against it after routing, just before it leaves the outbound interface)


Creating Standard ACLs

  • ACL statements must be in the correct order! The first statement that matches a packet decides, so specific statements go before general ones (use a flowchart to plan your logic)

  • Numbered ACLs can't be edited in place: new statements are only appended to the end, and to remove, insert or reorder a statement you must delete the whole list and create it again. Write your ACLs in a text editor and paste them in


Configuring ACLs

  • ACLs are created in Global Configuration Mode

  • Standard ACLs are numbered 1 – 99 and extended ACLs 100 – 199 (later IOS releases add the expanded ranges 1300 – 1999 for standard and 2000 – 2699 for extended)

  • Plan your ACLs in a flowchart considering the protocol or protocol suite, host or group of hosts, and interface and direction of filtering


Configuring ACLs (cont.)

  • Define ACL

    • Router(config)# access-list access-list-number {permit | deny} {test conditions}

  • Apply ACL to interface

    • Router(config-if)# {protocol} access-group access-list-number {in | out}

    (for example ip access-group 1 out; out is the default if the direction is omitted. An ACL that is defined but never applied to an interface filters nothing)


Points to remember creating ACLs

  • Inbound ACLs are more efficient than outbound ones: a packet denied inbound is dropped before the router spends a routing lookup on it

  • If you need to alter an ACL use

    no access-list list-number

    (Remember you can't edit a numbered ACL in place, only append to it, so you must erase the whole list and create it again with your changes. This is why you should create ACLs in a text file. While the list is deleted, an interface that still references it is unfiltered, so re-create it promptly)

    (See Basic Rules in Online Curriculum)


Wildcard Mask Bits

  • Wildcard mask bits appear "similar" to an inverted subnet mask but have NO RELATIONSHIP TO SUBNET MASKS!! (the 1 bits need not be contiguous: 0.0.254.255 checks only the low bit of the third octet, something no subnet mask can express)

  • 0 means check a bit position

  • 1 means don't check a bit position


Common Wildcard Commands and Abbreviations

  • permit 0.0.0.0 255.255.255.255 is the same as permit any (no bit is checked)

  • permit 181.16.1.1 0.0.0.0 is the same as permit host 181.16.1.1 (every bit is checked, so ONLY THAT PARTICULAR HOST IS MATCHED!!)


Commands to verify ACLs

  • show ip interface – indicates whether an inbound or outbound ACL is set on each interface

  • show access-lists – displays the contents of all the ACLs, with a match counter per statement that shows which lines traffic is actually hitting

  • show running-config – also shows access lists and the interface to which they are assigned


Standard ACLs

  • Allow denying/permitting traffic from a specific host/group of hosts and/or protocol suite

  • Use numbers 1 – 99

  • Only one ACL per protocol, per interface, per direction is allowed

  • Can only check the source address, so they should be placed as close to the destination as possible (a standard ACL near the source would cut that source off from every destination beyond the filter point, not only the one you meant to protect)


Extended ACLs

  • Allow denying/permitting traffic from a specific host/group of hosts and/or protocol suite/protocol and/or port/group of ports

  • Use numbers 100 – 199

  • Only one ACL per protocol, per interface, per direction is allowed

  • Can check source and destination address (plus protocol and port), so they should be placed as close to the source as possible: unwanted traffic is dropped before it crosses the network
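As an added example (not part of the lecture or of Cisco's software), here is a small Python evaluator that parses IOS-style access-list statements and applies the rules from the slides above: wildcard bits (0 = check, 1 = ignore), sequential first-match evaluation, the implicit deny any at the end of every list, and the difference between a standard list (source only) and an extended list (protocol, source, destination and port). The configuration it parses is constructed for the example, the function and class names are my own, and only the `any`, `host A` and `A W` address forms plus a destination `eq port` are supported.

```python
"""Toy evaluator for Cisco IOS numbered ACLs (standard 1-99, extended 100-199).

Added example, not from the lecture: it parses constructed IOS-style
access-list lines and evaluates packets the way the slides describe.
Statements are tested in order, the first match decides, and a packet
that matches nothing is dropped by the implicit "deny any" at the end.
"""
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple
import ipaddress

AddrSpec = Tuple[str, str]                       # (base address, wildcard mask)
ANY: AddrSpec = ("0.0.0.0", "255.255.255.255")   # what the keyword "any" expands to


def to_int(dotted: str) -> int:
    return int(ipaddress.IPv4Address(dotted))


def wildcard_match(addr: str, base: str, wildcard: str) -> bool:
    """Wildcard bit 0 = check that bit, 1 = ignore it (not a subnet mask)."""
    care = ~to_int(wildcard) & 0xFFFFFFFF
    return (to_int(addr) & care) == (to_int(base) & care)


def wildcard_for_prefix(prefix_len: int) -> str:
    """Wildcard covering a whole /prefix_len block, i.e. the subnet mask inverted.
    This is the one case where a wildcard looks like an inverted mask; wildcard_match
    also accepts non-contiguous masks such as 0.0.254.255 (odd third octets only)."""
    mask = (0xFFFFFFFF << (32 - prefix_len)) & 0xFFFFFFFF
    return str(ipaddress.IPv4Address(~mask & 0xFFFFFFFF))


@dataclass
class Entry:
    action: str            # "permit" or "deny"
    protocol: str          # "ip" (all standard lists), "tcp", "udp", "icmp", ...
    src: AddrSpec
    dst: AddrSpec          # a standard list cannot test this, so it is ANY
    dport: Optional[int]   # destination port from "eq N", else None


def _take_addr(tokens: List[str]) -> AddrSpec:
    """Consume "any", "host A", or "A W" from the front of tokens."""
    t = tokens.pop(0)
    if t == "any":
        return ANY
    if t == "host":
        return (tokens.pop(0), "0.0.0.0")
    # a bare address with no wildcard (allowed in standard lists) means one host
    return (t, tokens.pop(0) if tokens else "0.0.0.0")


def parse_acls(config_text: str) -> Dict[int, List[Entry]]:
    """Group access-list statements by list number, preserving their order."""
    acls: Dict[int, List[Entry]] = {}
    for line in config_text.splitlines():
        tokens = line.split()
        if not tokens or tokens[0] != "access-list":
            continue                        # blank lines, "!" comments, other config
        number, action, rest = int(tokens[1]), tokens[2], tokens[3:]
        if action not in ("permit", "deny"):
            raise ValueError(f"bad action in: {line}")
        if 1 <= number <= 99:               # standard: source address only
            entry = Entry(action, "ip", _take_addr(rest), ANY, None)
        elif 100 <= number <= 199:          # extended: proto, src, dst [, eq port]
            proto = rest.pop(0)
            src = _take_addr(rest)
            dst = _take_addr(rest)
            dport = int(rest[1]) if rest and rest[0] == "eq" else None
            entry = Entry(action, proto, src, dst, dport)
        else:
            raise ValueError(f"unsupported list number {number}")
        acls.setdefault(number, []).append(entry)
    return acls


def evaluate(entries: List[Entry], proto: str, src: str, dst: str,
             dport: Optional[int] = None) -> str:
    """Return "permit" or "deny" for one packet: the first matching statement wins."""
    for e in entries:
        if e.protocol != "ip" and e.protocol != proto:
            continue
        if not (wildcard_match(src, *e.src) and wildcard_match(dst, *e.dst)):
            continue
        if e.dport is not None and e.dport != dport:
            continue
        return e.action
    return "deny"                           # implicit deny any at the end of every ACL


# Constructed sample config (not from the lecture). The order of the two statements
# in list 1 matters: swapped, host 181.16.1.1 would hit the /16 permit first.
SAMPLE_CONFIG = """\
! standard list: block one host, allow the rest of its /16
access-list 1 deny   host 181.16.1.1
access-list 1 permit 181.16.0.0 0.0.255.255
! extended list: web from 10.1.0.0/16 to one server, no telnet to it, ping allowed
access-list 101 permit tcp 10.1.0.0 0.0.255.255 host 192.168.5.10 eq 80
access-list 101 deny   tcp any host 192.168.5.10 eq 23
access-list 101 permit icmp any any
"""

if __name__ == "__main__":
    acls = parse_acls(SAMPLE_CONFIG)
    print(evaluate(acls[1], "ip", "181.16.1.1", "10.9.9.9"))              # deny
    print(evaluate(acls[1], "ip", "181.16.200.7", "10.9.9.9"))            # permit
    print(evaluate(acls[1], "ip", "181.17.0.1", "10.9.9.9"))              # deny (implicit)
    print(evaluate(acls[101], "tcp", "10.1.2.3", "192.168.5.10", 443))    # deny (implicit)
```

Running `evaluate(list(reversed(acls[1])), "ip", "181.16.1.1", ...)` returns "permit", which is the ordering trap from the Creating Standard ACLs slide in executable form; the 443 case shows that nothing in list 101 mentions HTTPS and the implicit deny silently drops it, which is exactly what `show access-lists` match counters help you notice on a real router.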


Named ACLs

  • Names for standard and extended ACLs can be alphanumeric strings (created with ip access-list {standard | extended} name instead of a list number)

  • Use no deny ... or no permit ... to remove a single statement from a named standard or extended ACL and then enter its replacement; new statements are still appended at the end, so order must be planned just as carefully

  • You can't use the same alphanumeric name twice (names must be unique on the router)

